Project Lifecycle Navigator / 项目生命周期导航助手

Security checks across malware telemetry and agentic risk

Overview

This is a text-only bilingual project guidance skill with no hidden execution, credential, network, or persistence behavior found.

This skill is reasonable to install if you want structured project planning and code-review prompts. It may ask you to provide project files for review, so only share code you are comfortable having your agent inspect, and treat any recommendations to delete, refactor, or change code as plans to review before execution.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 93% confidence
Finding: This prompt is entirely Chinese and instructs the assistant to begin in Chinese without checking the user's language preference. That can exclude or confuse users who expected English or another language, causing incorrect interaction flow or abandonment. In this skill's context, the issue is usability and consent rather than direct security compromise, but it still creates a trust and accessibility problem.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal